Cybersecurity and digital forensics professional

Barcelona L'Hospitalet de Llob, ES, 08908

KPMG España

KPMG in Spain provides audit, tax, and legal, financial and business advisory services.

What would make you a great fit?

  • Master or university degree in Information Technology or Computer Science with a focus on Cybersecurity and Forensics.
  • 2 or more years of experience in Cybersecurity and Forensics (digital investigations on computers).
  • Willingness to integrate into a large-scale company and an international environment.
  • Work autonomy, growth mindset, learning agility and a team-player attitude.
  • Business acumen, strong communication skills and ability to present to different levels of stakeholders in a timely manner.
  • Fluent Business English.
  • Have previous experience working in a Microsoft environment, Microsoft Purview and Microsoft Insider Risk Management.
  • Have AZ900 and/or SC900 Certifications.
  • Have previous experience working with the following solutions: Magnet Forensic Axiom, Exterro Forensic Toolkit (FTK) or OpenText EnCase Forensic.
  • Have followed AXIOM AX200 training.
  • Are a certified MCFE (Magnet Certified Forensics Examiner) professional.
  • Have followed SANS FOR498 and/or FOR500 training.
  • Are a certified GBFA (GIAC Battlefield Forensics and Acquisition) professional.
  • Have previous experience working in an international setting.

What will you do?

  • Log Analysis: Review system, network, and application logs for unusual activities that could indicate insider threats, such as unauthorized data access, unusual login patterns, or file manipulation.
  • Evidence Collection: Collect digital artifacts, such as emails, chat logs, and file access logs, while following strict evidence-handling procedures to ensure admissibility in potential legal proceedings.
  • Disk and Memory Imaging: Create disk images of suspect systems and memory dumps to preserve the state of a system at a specific time. This preserves evidence and provides a baseline for further analysis.
  • Metadata Preservation: Extract metadata from files, emails, and communications to understand how, when, and where data was accessed or modified.
  • Behavioral Analysis: Use behavioral analytics tools to identify deviations in user behavior, such as downloading large amounts of sensitive data, accessing restricted areas, or frequently changing device locations.
  • User Behavior Analysis: Examine logs and other data to understand the suspect's activity patterns and determine whether actions were intentional or accidental.
  • Forensic Tool Utilization: Use specialized tools like Axiom, EnCase, FTK, and other forensic suites to investigate digital evidence, reconstruct actions, and identify patterns that may indicate a risk.
  • Stay Updated on Threat Intelligence: Keep up to date with the latest insider threat tactics, techniques, and procedures (TTPs) and adjust detection and prevention strategies accordingly.
  • Training and Awareness: Develop and deliver training sessions for employees and managers on recognizing and reporting insider threats, and best practices for data protection.
  • Maintain Chain-of-Custody Logs: Ensure all evidence handling follows documented protocols to maintain a clear chain of custody.
  • Compliance Checks: Ensure investigations are aligned with regulatory and legal requirements like GDPR, HIPAA, or SOC 2, depending on the organization’s industry.

Category: Forensics Jobs

Tags: Analytics Compliance Computer Science EnCase Forensics GDPR GIAC HIPAA Log analysis Risk management SANS SOC SOC 2 Threat intelligence TTPs

Perks/benefits: Career development

Region: Europe
Country: Spain
